[PATCH] Fix root hole in pktcdvd

ioctl_by_bdev may only be used INSIDE the kernel.  If the "arg" argument
refers to memory that is accessed by put_user/get_user in the ioctl
function, the memory needs to be in the kernel address space (that's the
set_fs(KERNEL_DS) doing in the ioctl_by_bdev).  This works on i386 because
even with set_fs(KERNEL_DS) the user space memory is still accessible with
put_user/get_user.  That is not true for s390.  In short the ioctl
implementation of the pktcdvd device driver is horribly broken.

Signed-off-by: Peter Osterlund <petero2@telia.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 1a1fa3ccb91375031556815e71fa858cdc48ab60..82ccad0a7f1a48e56b4d36a628b56aea5392166e 100644 (file)
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -2406,7 +2406,7 @@ static int pkt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, u
        case CDROM_LAST_WRITTEN:
        case CDROM_SEND_PACKET:
        case SCSI_IOCTL_SEND_COMMAND:
-               return ioctl_by_bdev(pd->bdev, cmd, arg);
+               return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);
 
        case CDROMEJECT:
                /*
@@ -2414,7 +2414,7 @@ static int pkt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, u
                 * have to unlock it or else the eject command fails.
                 */
                pkt_lock_door(pd, 0);
-               return ioctl_by_bdev(pd->bdev, cmd, arg);
+               return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);
 
        default:
                printk("pktcdvd: Unknown ioctl for %s (%x)\n", pd->name, cmd);